Having trouble setting static IP/Port forwarding

Hello everyone,

I’m not new to torrents, but it has been a long time (5-8 years) since I have tried to set up a BitTorrent client. I have read the information about port forwarding, been to www.portforward.com and checked out the BitComet section and my router, but still cannot get everything to line up so that the yellow light turns green.

Here is the overview. I have a Speedstream 5100 DSL modem that is plugged into a Linksys WRN 300 Router. The Router has 4 physical 8P8C5 modular connections for computers, NAS drives, printers etc. and also supports wireless devices (laptops, DVD player with wifi receiver, etc.). I have no problem surfing the web, watching Netflix on demand, etc. (not the greatest speeds, but fast enough). I have one desktop computer that is connected via physical cable to the router running Windows 7, a second HTPC connected via a wireless connection running Windows 7, and lastly a laptop that is usually connected via a wireless connection, but also can plug into the router.

The laptop (Toshiba) is what I want to run BitComet on. On this machine I am running Windows Firewall and some antivirus and spyware programs. I have attached a lot of information below including pictures. I can post more stuff to help you figure out my problem, but this is what I can think of for the moment. We subscribe to SBC (now ATT) DSL service.

I think that I have told my router to always assign the address 192.168.1.102 to my wireless adapter on this computer and I have told my computer to only use this IP address (I think). I have also tried turning off my virus software and firewall once just as a test and had BitComet try again to find the listening port, but still got the yellow signal, so I kind of think that I am still stuck on setting up a static IP/port forwarding issue. I have also tried turning off UPnP port mapping, but that may not be evident in the stuff below. Please let me know if you need any more info to help me troubleshoot this issue.

Thanks

Steve

COMPUTER

OS: Windows Vista Home Premium Service Pack 2, 32bit

System: Toshiba Satellite A205 2GB RAM

Firewall: Windows

Antiviral: Comodo version 5.3.174623.1216 with Virus database 7444

Spybot Resident SD

BitComet Statistics

TCP Connections: Established: 0 [MAX:Unlimited] / Half-Open: 0 [MAX:200]

LAN IP: 192.168.1.105

WAN IP: 66.122.68.175

Listen Port of TCP: 25280 (Blocked by Firewall/Router)

Listen Port of UDP: 25280 (Blocked by Firewall/Router)

Windows Firewall: Added [TCP added, UDP added]

UPnP NAT port mapping: Failed [uPNP device not found!]

Overall Download Rate: 0 kB/s [MAX:Unlimited] Max Connection Limits: 50 per task

Overall Upload Rate: 0 kB/s [MAX:Unlimited] LT Seeding: 0 kB/s [MAX:Unlimited] All BT Upload Slots: 0

Free Phys Mem: 973.98 MB (Min to keep: 50 MB)

Disk Cache Size: 0 B (Min: 6 MB, Max: 50 MB)

Disk Read Statistics: Request: 0 (freq: 0.0/s), Actual Disk Read: 0 (freq: 0.0/s), Hit Ratio: 0.0%

Disk Write Statistics: Request: 0 (freq: 0.0/s), Actual Disk Write: 0 (freq: 0.0/s), Hit Ratio: 0.0%

SBC DSL Modem information

CONNECTION INFORMATION

DSL UP

Connection UP

Connected at 448 Kbps (downstream)

384 Kbps (upstream)

IP Address 66.122.68.175

IP Gateway 66.122.69.254

DNS Servers 68.94.156.1 dnsr1.sbcglobal.net

68.94.157.1  dnsr2.sbcglobal.net

Mode PPP on the modem (Private IP for LAN device)

Timeout 20 minutes

MODEM INFORMATION

Modem Name SpeedStream

Model 5100

Serial Number 2000B23CB51B5

Software Version 1.0.0.39

MAC Address 00:0B:23:CB:51:B5

First Use Date 2005/05/13 19:12:45 GMT

LOCAL NETWORK

Modem IP Address 192.168.0.1

Ethernet Status Connected

Modem diagnostics

Details - DNS Check

This test checks the availability of the Domain Name Servers.

Query DNS for a well known host pass

Ping primary DNS pass

Ping secondary DNS pass

Details - IP Check

This test checks the IP connection and traffic.

Check IP connection to Ethernet (LAN) pass

Check IP connection to PPP pass

Validate WAN assigned IP Address pass

Details - Authentication Check

This test verifies authentication with your Internet Service Provider.

Check authentication with PPP Server pass

Details - ATM Check

This test checks the ATM connection.

Check ATM cell-delineation pass

Check ATM signal pass

Perform ATM OAM segment ping pass

Perform ATM OAM end to end ping pass

Statistics from modem

ADSL Information

Line State UP

Modulation G.dmt

Data Path interleaved

To Modem	To Internet	

Max Allowed Speed (kbps) 448 384

SN Margin (dB) 10.5 -

Line Attenuation (dB) 48.5 -

Loss of Signal 0 -

Loss of Frame 0 0

CRC Errors 319 6

ATM Information

VPI / VCI 0 / 35

Protocol PPPoE

In Octets 773507792

In Errors 27108

In Unicast Packets 7260561

In Non Unicast Packets 0

In Discard Packets 0

Out Octets 1733508866

Out Errors 0

Out Unicast Packets 6458317

Out Non Unicast Packets 0

Out Discard Packets 9615

PPPoE Information

Session Status UP

Server MAC Address -

Session ID 61824

IP Information

Internet Address 66.122.68.175

Internet Gateway 66.122.69.254

DNS Servers 68.94.156.1 dnsr1.sbcglobal.net

68.94.157.1 dnsr2.sbcglobal.net

IP Interfaces

Address Netmask Name

192.168.0.1 255.255.0.0 eth0

Routing Table

Destination Netmask Gateway Interface

127.0.0.0 255.0.0.0 127.0.0.1 lo0

192.168.0.0 255.255.0.0 192.168.0.1 LAN

66.122.68.175 255.255.255.255 66.122.68.175 PPPoE

Default Gateway - 66.122.69.254 PPPoE

LAN Information

Modem IP Address 192.168.0.1

Modem NetMask 255.255.0.0

DHCP Address 192.168.1.64

Devices on LAN

IP Address MAC Address Name Status

192.168.1.64 00:1D:7E:6E:42:5C - inactive

Ethernet Information

MAC Address 00:0B:23:CB:51:B5

In Octets 1650906398

In Errors 0

In Unicast Packets 6601393

In Non Unicast Packets 202918

In Discard Packets 0

Out Octets 691813918

Out Errors 0

Out Unicast Packets 7262209

Out Non Unicast Packets 25898

Out Discard Packets 11

Wireless Router Linksys WRT300N V1.1

Firmware Version: v1.51.2 Feb. 27, 2007

Current Time: Wed, 19 Jan 2011 11:12:39

Internet MAC Address: 00:1D:7E:6E:42:5C

Host Name:

Domain Name: domain_not_set.invalid

Internet Connection

Connection Type: Automatic Configuration - DHCP

Internet IP Address: 192.168.1.64

Subnet Mask: 255.255.0.0

Default Gateway: 192.168.0.1

DNS1: 192.168.0.1

DNS2:

DNS3:

MTU: 1500

DHCP Lease Time: 24 Hour

DHCP Client Table

Client Name Interface IP Address MAC Address Expires Time

Pedro LAN 192.168.1.100 00:18:F3:6D:E3:05 14:20:18

Kip LAN 192.168.1.105 00:A0:D1:84:F9:97 21:59:04

ASUS-HTPC Wireless 192.168.1.101 68:7F:74:89:99:7A 22:30:14

Kip Wireless 192.168.1.102 00:13:E8:9C:BD:54 21:59:59

Local Network

Local MAC Address: 00:1D:7E:6E:42:5B

Router IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

DHCP Server

DHCP Server: Enabled

Start IP Address: 192.168.1.100

End IP Address: 192.168.1.149

Attached screenshots: Advance Routing.JPG, Port Range Forwarding.JPG, Router managment.JPG, Router Security.JPG, Dynamic addresses.JPG, LAN Properities.JPG, Linksys Router.JPG, Static IP config for Lap Top.JPG, Bitcomet with static IP and Port forwarding.JPG, Single Port forward.JPG, Router basic setup.JPG

Your router can’t be told to assign X address to Y machine. It doesn’t work that way.

The computer must assert the address it wants. It’s up to you to make sure no other machine has that address.

The best way to do that is to take the address out of the assignable pool.

Figure out how many dynamic address assignments you actually need, probably no more than a couple. Add one or two more for friends who drop by with their laptops, etc.

Limit your assignable address pool to 192.168.1.2 through 192.168.1.6. That will give you five dynamic addresses, which should be plenty. Save 6 through 255 for static assignments. You can keep using 102 if you like, but make sure it’s correct.

If you routinely take the laptop to connect to school or work networks, then it’s almost certainly set up to request a dynamic IP address from whatever it connects to. You will need to reconfigure it to use a static IP at home but keep it dynamic at school/work.

This must be done in the computer’s network settings for the active network adapter.

Your router can’t be told to assign X address to Y machine. It doesn’t work that way.

Cool. Thanks for that info. That makes sense.

The computer must assert the address it wants. It’s up to you to make sure no other machine has that address.

The best way to do that is to take the address out of the assignable pool.

Got it. How do I do this with my router? It isn’t very obvious where I set the number of addresses in the assignable pool. Is it the maximum number of users?

Figure out how many dynamic address assignments you actually need, probably no more than a couple. Add one or two more for friends who drop by with their laptops, etc.

Limit your assignable address pool to 192.168.1.2 through 192.168.1.6. That will give you five dynamic addresses, which should be plenty. Save 6 through 255 for static assignments. You can keep using 102 if you like, but make sure it’s correct.

OK. So I think to make this easy, I’ll follow your example and change stuff to 192.168.1.2=Desk Top, 192.168.1.3=HTPC wired connection, 192.168.1.4=HTPC Wireless connection, 192.168.1.5=Laptop wired connection, 192.168.1.6=Laptop wireless connection, 192.168.1.7=Networked Printer and save the last 3 for future stuff.

If you routinely take the laptop to connect to school or work networks, then it’s almost certainly set up to request a dynamic IP address from whatever it connects to. You will need to reconfigure it to use a static IP at home but keep it dynamic at school/work.

This must be done in the computer’s network settings for the active network adapter.

Do I just need to assign the static IP address for each machine in the Internet Protocol Version 4 (TCP/IPv4) properties or do I also need to assign it under the TCP/IPv6 as well or some place else?

Thanks again for the help.

Steve

It never ceases to amaze me how people will fail to check the most basic things, when in trouble.

If you would have taken the trouble of simply googling your modem model you would have seen that it’s not a simple modem at all, but a ROUTER itself and it would have probably saved you a lot of time.

Well, the info is pretty much present even into the modem statistics you provided right above as well, if you look close enough. You can see there that you have two different IP addresses for your modem (corresponding to its 2 different network interfaces), a public one for the WAN interface of the router (66.122.68.175) and a private one, for the LAN-side interface of the switch of your modem/router/switch combo (192.168.0.1). Which means your “modem” actually performs NAT too because it’s a router as well.

I have read the information about port forwarding…

I don’t know exactly what you’re referring to, but there is in the BitComet Wiki - port forwarding guide, in the second part of the guide, which deals with Manual Port Forwarding, a special subsection dedicated specifically to cases like yours and it’s named: Cascaded Routers.

You should find in there all the basic info you need. If you get stuck at any particular place or have more questions, feel free to come back and ask.

Limiting the assignable pool is done right there in the DHCP server settings, yes, so you have the start address and the max # of users, or the range. This is the way some routers do it, while others use the start address and the end address. Either way works and makes no difference.

IPV6 hasn’t been widely adopted yet, and your router certainly doesn’t use it. If you are very lucky and your school network DOES, then you could leave the IPV6 settings alone, making school happy, and just change the IPV4 settings, making the home router happy. But probably not, probably both use IPV4 and you’ll have to switch back and forth. In that case you can pretty much ignore the IPV6 settings, or disable them.

(What actually happens is that Windows uses a protocol named “Teredo” – named after a seagoing worm that eats tunnels in wood and is largely why sunken ships disappear – to run IPV6 over an IPV4 connection. Unless/until somebody has told you that you need IPV6, I’d disable it as an unneeded complication.)

On your address assignments, you won’t need 192.168.1.5 or 6 for the laptop, since you’re going to be giving the laptop a static address higher up, no? (I assume you have some other reason for using both types of connection.) This is not a big deal, just wanted to assure we’re on the same page. But if you aren’t going to have both wired and wireless NIC’s active at the same time on the laptop, you don’t really need separate addresses for each either.

You CAN decide to set up everything with static IP’s, or you can leave them dynamic, but it seems you’re trying to do both or have conflated them.

If you’re going with static all the way, then set your max number of users to, say, 2 for visiting friends. Then your first available static address would be 3 for the desktop, 4 for the HTPC, &c

If you’re going to leave them as dynamic, then set your max number of users to 10, and let the router take care of which device gets which assignable address in the 1 through 10 range. (Also this way you don’t have to reconfigure all the other devices.)

Thanks for the help Guy. I’m going to first make a static IP address from my Linksys WRT300N router to my Speedstream 5100b modem/router. From the info that I gave you above in my original post, can you tell me if these are the correct values to use?

Here is what I think it should be. Can you tell me if this is correct?

IP Address 192.168.1.64

Subnetmask 255.255.0.0

Default Gateway 192.168.0.1

Here is what the screen looks like

After that I will then set my computers that are hooked to my Linksys WRT300N router to have a static IP address

Steve

Um, no. You’re trying to change the router’s connection settings, which is not correct. Those settings have to remain as your ISP told you to set them.

Where you need to set a static IP is in your LAPTOP’s network settings.

The changes to the assignable pool are done on the router’s LAN side, not the WAN side. The WAN side (which your router calls its Internet settings) must conform to ISP requirements, and the only things you can change are on the LAN side (which your router calls its Network Setup).

The router will continue to get a dynamic address from your ISP for its WAN side. That’s fine. The router performs network address translation for you, substituting its own dynamic IP for those of all the computers connected to it. It receives all of the replies, then routes each to the proper destination computer. From the outside, the world only sees your router. It can’t see the individual computers connected to that router, and for all the world knows, you have a thousand computers behind that router. This is how it’s supposed to work.

Well it has been a little of a bumpy road, but I think I have a static IP address between my laptop and my router.

First I kept my router set to get a dynamic IP address from my Speedstream 5100b modem/router.

I was able to assign the address 192.168.1.20, which is outside of the dynamic range.

I also was able to set the DNS server correctly. However this picture shows it as 192.168.1.15 and I now have it on 192.168.1.1.

From there I made sure that BitComet didn’t have the UPnP Port Mapping enabled under the preferences. I told BitComet to use port 65001 to listen on.

This is the port I forwarded on my Linksys router

Still not able to get the green light. Please note that I did at one point after this was all set up turn OFF my spyware/virus software and disable the Windows Firewall to check if BitComet could listen and I still got the yellow light when I clicked on the yellow light and told it to “Check again”.

Do I need to set up a port forwarding between my Speedstream 5100b router/modem and my Linksys WRT300N Router?

Thanks again for the help.

Steve

Do I need to set up a port forwarding between my Speedstream 5100b router/modem and my Linksys WRT300N Router?

The answer to that is a big YES, as you can find in the (sub-section of the) Wiki guide (Cascaded Routers) that I’ve provided you in my previous post.

Or (if applicable to your equipment) you can try to follow one of the alternative solutions, presented in there.

First I kept my router set to get a dynamic IP address from my Speedstreem 5100b modem/router.

While that would be correct if your Linksys router were connected to a simple modem (which acts as a mere bridge device at OSI network Layer 2), this is wrong as you have ANOTHER router (an OSI Layer 3 device) standing between your Linksys router and the Internet. That’s your modem/router device which actually creates another network between the Internet and your LAN network (Linksys router + your computers). That other network is composed of the LAN interface of your modem/router and the WAN interface of your Linksys router.

You can see it easier in the picture of the guide; in your case the LAN between your modem and your Linksys router would be LAN A and the LAN between your Linksys router and your PCs would be LAN B (drawing a parallel with the guide).

You’ve performed so far, port-forwarding for LAN B, but you still need to do it for LAN A as well, in order for your client to have an open port.

If you choose the solution of doing port forwarding on the modem/router as well, make sure that you use the same port number and that you assign static/fixed IP to your Linksys router (you’ll have to treat the WAN interface of your Linksys router as a PC as far as your modem/router is concerned) from the private range defined by your modem/router device (from the data you provided, it would be in the 192.168.0.x network).

You’ll have to take the same precautions as with your Linksys router forwarding process, in order to make sure that the IP that you assign to the WAN NIC of your Linksys router is outside the DHCP pool range of the modem/router device (or disable DHCP on the modem altogether).
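
The address checks described above, as an added example that is not part of the original posts. The subnet masks, gateways and the Linksys pool are taken from the readout in the first post; treating the modem's "DHCP Address 192.168.1.64" as a one-address pool and the candidate 192.168.0.2 are assumptions made for illustration.

```python
import ipaddress

# Values from the readout in the first post.
LINKSYS_LAN = dict(gateway="192.168.1.1", netmask="255.255.255.0",
                   dhcp_pool=("192.168.1.100", "192.168.1.149"))
# Assumption: the modem's "DHCP Address 192.168.1.64" is its whole pool.
MODEM_LAN = dict(gateway="192.168.0.1", netmask="255.255.0.0",
                 dhcp_pool=("192.168.1.64", "192.168.1.64"))


def check_static(candidate, gateway, netmask, dhcp_pool=None):
    """Return the reasons `candidate` is a bad static address ([] = usable)."""
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        return [f"{ip} is outside {net}, so gateway {gateway} is unreachable"]
    problems = []
    if ip == net.network_address:
        problems.append(f"{ip} is the network address of {net}")
    if ip == net.broadcast_address:
        problems.append(f"{ip} is the broadcast address of {net}")
    if ip == ipaddress.ip_address(gateway):
        problems.append(f"{ip} is already used by the gateway")
    if dhcp_pool:
        start, end = (ipaddress.ip_address(a) for a in dhcp_pool)
        if start <= ip <= end:
            problems.append(f"{ip} is inside the DHCP pool {start}-{end}")
    return problems


def wan_lan_overlap(wan_gateway, wan_mask, lan_ip, lan_mask):
    """True when a router's WAN-side subnet and its own LAN subnet share addresses."""
    wan = ipaddress.ip_network(f"{wan_gateway}/{wan_mask}", strict=False)
    lan = ipaddress.ip_network(f"{lan_ip}/{lan_mask}", strict=False)
    return wan.overlaps(lan)


if __name__ == "__main__":
    # Laptop addresses mentioned in the thread, checked against the Linksys LAN.
    for addr in ("192.168.1.102", "192.168.1.20"):
        print(addr, check_static(addr, **LINKSYS_LAN) or "ok")
    # Candidate static addresses for the Linksys WAN port on the modem's network.
    for addr in ("192.168.1.64", "192.168.0.2"):
        print(addr, check_static(addr, **MODEM_LAN) or "ok")
    # The modem's 255.255.0.0 mask makes its network contain the Linksys LAN range.
    print("WAN/LAN overlap:",
          wan_lan_overlap("192.168.0.1", "255.255.0.0", "192.168.1.1", "255.255.255.0"))
```

With the modem's 255.255.0.0 mask, its network (192.168.0.0/16) contains the Linksys LAN (192.168.1.0/24); with a 255.255.255.0 mask on the modem side the two ranges are separate.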

The Speedstream is a tricky beast. I have one from my ISP (though a model 4100, they’re very close to the same thing). It does nominally contain a router despite having only the one connection port, but is configured as, and can be treated as, just a modem. Most particularly, the Speedstream lacks an internal firewall. Since it does, no port needs to be forwarded through it, and this is not an issue. It DOES do network address translation, but you don’t need to concern yourself with it. Treat it as a modem.

My speedstream is connected to my router, whose firewall definitely IS active, and has my listen port forwarded through it.

Your remaining yellow-light issue probably isn’t the hardware, but a software firewall still running. You’ll need to revisit that and try to devise tests to make sure.

Thanks for the Help Greywizard. If I am going to make a static IP connection between my Linksys router and speedstream modem router I need some more specifics in regard to my situation. That is why, originally, I included a technical readout from the speedstream in hopes that someone could look at it and help me with the addresses. Can you look at it and help me with this stage? I don’t really care what the numbers are (I don’t care if I assign the WAN side of my Linksys router to a specific number just that it works).

Can you help me with my Linksys router static IP addressing?

IP address should be 192.168.0.?

Subnet mask 255.255.?.?

Default Gateway 192.168.?.?

DNS ?.?.?.?

It seems like my speedstream is set for a DHCP pool range of only 1 IP address. Does this mean I can use anything else for a static address? Can you look at the technical readout and confirm that the pool is only 1 IP address?

Once I get this I still have to figure out how to tell the router of the Speedstream to forward a port. From what kluelos said, I might not have to forward a port through this, but if I do can you tell me how to do this? There isn’t anywhere within the modem’s web page. Got any ideas?

There is a way to put the modem into Bridge Mode, but from the web page that you helped me find, it looks possible so would you recommend going this route?

There is something that says:

A very limited number of applications require that the public IP address assigned to the modem be used by the local LAN device.

Let LAN device share Internet address?

No, use private IP address.

Yes, use public IP address.

So what if I let the LAN device (my Linksys router) share Internet address, would this accomplish the same thing as setting the modem to Bridge Mode?

So far both of you have helped me a lot, but I am really new to this networking thing, so I still need more help. I’ll look more into the software aspect of it and see if that is where I am having the problem. I know many other people that have the speedstream that treat it like a modem only and it seems to work for them so I’m still not sure if it is hardware or the software.

Thanks

Steve

Well I just wanted to let you guys know that I finally got the green light to work. I was able to put the modem into bridge mode and set the Linksys router into a setting PPPoE and just copied the info that was on the connection configuration for my modem into my router. After restarting the modem, router, and my computers everything worked, even when I have my anti-spyware and Firewall up (of course there is an exception for BitComet). The only thing is that my internet connection seems slower than before. I’ll have to keep it on for a while and really decide if it is really slower. Maybe go back to how it was and run a few speed tests.

One thing is that BitComet does not seem any faster at downloading things. Maybe a little bit slower.

Steve

And maybe a little less stable. It seems like I am getting errors from my web browser more frequently (just not finding pages) and I use TeamViewer to access my home computers from work and it isn’t always connecting to them like before. FWIW my download speeds are running about 35kbps. I’m going to have to check with my ISP to see what they should be sending me data at, but I think this is kind of slow. If there are any adjustments on the modem (I doubt it since it is in bridge mode) or to my Linksys router that you can suggest I’ll give them a shot. Thanks.

Steve

You can always try temporarily pulling the Linksys out of the loop as a test, if you think it’s causing a problem. Then, if you still have the problem you’ll know you need to look elsewhere.

Failure to find a page can’t be caused by connecting hardware. A hardware problem there would prevent communicating with the site at all or affect every page. Occasional “not found” errors aren’t a possible failure mode.

The Speedstream should not necessarily need to be in bridge mode, but that probably doesn’t hurt anything. You definitely don’t need to have the modem use its internet or WAN/side address, and that’s probably not wonderfully safe to do anyway.

As for speed, remember that torrent download speed is highly variable and mostly out of your control, so it’s best to do your testing with http/ftp transfers.

You can always try temporarily pulling the Linksys out of the loop as a test, if you think it’s causing a problem. Then, if you still have the problem you’ll know you need to look elsewhere.

How would I do this if the modem is in bridge mode? Wouldn’t the first computer be exposed to the internet since this modem does not have a firewall? I’m not sure that I would be able to configure a computer to safely test this. How do I set the adapter to properly handle the PPPoE aspect of the connection? If I return the modem to the way it was (not in bridge mode) then it really won’t test what I need. I might try changing the modem back, setting up a dynamic IP address between the modem and my Linksys router then run a speed test. If it is different than when it is in bridge mode then I’ll try to troubleshoot it more, if it is the same then I guess it is my ISP.

Failure to find a page can’t be caused by connecting hardware. A hardware problem there would prevent communicating with the site at all or affect every page. Occasional “not found” errors aren’t a possible failure mode.

Hum. I’m not sure what you mean by this. I think that the connection is somehow being “dropped”? Does this even happen? Maybe the modem has to keep renegotiating a connection protocol/speed? I don’t know enough of this to really even guess so maybe you could dumb it down a little for me to tell me what you are referring to?

The Speedstream should not necessarily need to be in bridge mode, but that probably doesn’t hurt anything. You definitely don’t need to have the modem use its internet or WAN/side address, and that’s probably not wonderfully safe to do anyway.

I agree it should not necessarily need to be in bridge mode, but that is how it works and I don’t know how to port forward through it and I also don’t know how to set up a static IP from the Linksys router. I do know that my software (firewall, spyware, antivirus) is configured correctly as when I have it in bridge mode and the Linksys router in PPPoE, I get the green light from BitComet telling me that the listening port is being forwarded correctly through my Linksys router and past my software protection.

Can you help me with my Linksys router static IP addressing based on the technical read out I initially provided-I need specifics as I don’t understand how these things relate to each other?

IP address should be 192.168.0.?

Subnet mask 255.255.?.?

Default Gateway 192.168.?.?

DNS ?.?.?.?

As for speed, remember that torrent download speed is highly variable and mostly out of your control, so it’s best to do your testing with http/ftp transfers.

Yeah. I’m not worried about speed as much as I am the seemingly erratic connectivity. Sometimes it is great, but then it seems to drop off. Kind of like a cell phone with a poor connection.

Thanks again

Steve

First, congrats on making it work.

I doubt that putting your device in bridge mode would affect your speed (if anything it should increase it due to less processing required from the modem’s processor) unless there is a fault in the firmware code of the modem.

You’ve got your green light (a.k.a. open listening port) for now.

Now, the speed issue is an entirely different cup of tea. You haven’t provided any data on your download/upload bandwidth (as advertised by your ISP in your contract) nor on the tested speeds (as returned by a test site such as http://speedtest.net). Therefore, we can’t take even a wild guess if your speeds are what they should be or not.

Besides, using the speeds you obtain in BitComet for a couple of torrents isn’t the best way to test your connection’s capabilities.

Last but not least, you need to cap your Max Upload Rate in BitComet to 80% of your tested upload speed, making sure that you convert the speeds from Kb to KB (which is the unit BitComet uses). Also you need to not run more torrents simultaneously than your upload bandwidth can support.

Then when all is properly set, use a well seeded torrent (such as Open Office) to test your download speeds.

Anyway, if all your other programs still behave crappy (in bridge mode) this could also mean that your Linksys router isn’t behaving (for some reason) very well as a PPPoE client. You can still go back with the modem to router mode, as you still possess a couple of alternative solutions. But that’s up to you, you’re at the console and the only one who sees the results in real time.

Just to answer a couple of the questions from your above post:

As you guessed it doesn’t really matter what IP you choose to use for your PCs or for your router. Just make a choice and be consistent with it along all the configuration process. However there are a few rules to observe.

Taking the network provided by default by your modem/router, 192.168.0.x with a subnet mask of 255.255.255.0, you need to stay away from the 192.168.0.0 address (which is the base network address and hence never used for hosts). Ditto for the 192.168.0.255 (which is the network’s broadcast address). Other than that you can assign any address to your router from the 192.168.0.1-192.168.0.254 range.

By convention most of the times the gateway (your modem/router’s LAN interface in this case) will take the first or last address of the range (it already has 192.168.0.1 assigned to it so you should leave it be).

So, you’re just left with deciding an IP for the WAN NIC of the Linksys router (which you’ll use for port-forwarding on your modem/router).

I don’t know for sure what your modem’s web interface looks like so I can’t exactly walk you through port-forwarding on the modem (in case you decide to do that).

But I’d say, give your current configuration some time and test it a little to see if it really works or not.

Kluelos, I beg to differ. It seems to me that at some level you’re confusing the two notions a little.

Port-forwarding is performed only because of NAT (NAPT to be more precise) and never because of a firewall.

If a firewall is blocking a port number for a certain protocol or for all protocols, all you need to do is open the port for the desired protocols (or all of them), as you very well know, by defining a rule in the firewall setup page.

It is only in the case of NAT, namely, the special flavor of NAT called NAPT (network address port translation), which masquerades multiple private IPs behind a single public one, when port-forwarding is needed.

And that’s because the router has no way of knowing to which IP, the incoming traffic (that isn’t a response to an outgoing connection) is destined/intended.

I’m well aware that you know this, too.

But I think that because of the cumbersome interface of so many routers you configured (which almost mischievously present both the step of port forwarding and the inherent one of opening the port in the firewall under a unified page/interface) that the two notions somehow merged in your mind.

Nonetheless we should acknowledge the two operations as distinct. That is, because opening a port in the firewall or even disabling entirely the firewall, STILL will never, only by itself, get you an open listening port if NAPT is being used by the router.

The traffic will very well pass through the open port, get to the router process which innocently still won’t know what to do with it or to whom to send it, thus it will drop the whole traffic.

> And that’s because the router has no way of knowing to which IP, the incoming traffic (that isn’t a response to an outgoing connection) is destined/intended.

That part isn’t my understanding at all.

The router doesn’t need to know which IP incoming traffic is for, because it presents that traffic to all unblocked devices. That is to say, if you disabled the internal firewall, then the incoming traffic would be available to all of the connections. The router doesn’t try to route the traffic, knowing up front that it cannot.

Or to put it another way, if you open the same port to two different IP addresses, then connect two computers at those IP addresses, both will get that incoming traffic.

Consider: if you have two machines connected to one router and have disabled the firewall, then what can the router do with incoming traffic? There’s no basis on which to route it. There are only two options. Either drop the traffic, or send it on to both of them.

Dropping traffic hacks network administrators off and is always a bad choice. “Whatever you do with traffic, you don’t just drop it without being expressly told to do that, e.g., nowhere valid to send it at all. Dropping traffic is the last alternative, only when there is NO other choice.” That’s a generally-accepted networking principle.

So all of them choose “send it to every connection”. This is exactly what a plain ol’ hub does.

Suppose, instead, that there are no firewalls. Two machines hooked to a router hooked to the internet. Is either machine safe from infection from incoming traffic simply because they’re behind a router? In comes infectious traffic with, say, a stack overflow exploit in Windows Messenger. It’s addressed to the router, which is the only IP anyone outside can see. Are you saying that one or both computers can’t be infected by it, despite not having firewalls, because the router will drop the traffic?

NAT by itself shouldn’t touch the port number, shouldn’t alter it at all, and shouldn’t really even concern itself with what the number is. It’s only when you get a firewall that you start looking at port numbers, and blocking them, and need to forward. “Forward” is kind of a poor choice of words, meant to emphasize that the process CAN alter the port number if desired, but this is seldom actually done or needed. Or, looked at another way, the process changes the port number, but to exactly what it was before unless told otherwise.

The whole scenario that you described where a router will forward traffic to all the IP addresses of its subnet isn’t quite accurate. Routers don’t exactly do that. If they did they wouldn’t be routing anymore (and therefore not worthy of their names), they would be broadcasting instead.

Let me elaborate.

A router will ALWAYS need to have a route (either static or dynamically acquired) in its routing table in order to forward traffic. If not, it drops it! That’s a basic routing principle (and you can trust me on this one, as right now I’m reviewing the matter to pass my CCNA exam on Cisco routing :) ).

Now SOHO “routers” have come to be incredibly complex integrated devices. For the purpose of our discussion a SOHO router will always contain a **router** + an Ethernet switch.

The thing that we need to acknowledge is that all SOHO routers (I’m referring to the router part of the device) have only two interfaces: the WAN interface and the LAN (Ethernet) interface (we’ll leave out of discussion cases that use USB networking or other ports to keep it simple).

The LAN NIC of the router is **internally** connected to a port of the Ethernet switch, so if you’ll have a “router” with 4 physical LAN ports you actually have inside the case a switch with 5 ports out of which one is internally connected to the Ethernet port of the router part of the device.

This is important to acknowledge as it helps keep things separate. When we’re speaking of stand-alone enterprise routers, if you take one of those and connect it to a switch it will NEVER have any form of NAT enabled on it by default.

So let’s assume a lab setup case of an enterprise router connected to → switch connected to → 2 computers (as you described above). We’ll assume a router with only 2 interfaces: a serial “WAN” one and an Ethernet one to keep things alike.

In this case there is only one possibility that traffic will reach any of those 2 computers: that is when the router will receive on its other (“WAN”) interface, IP packets which have as the destination IP, one of the IPs of those 2 computers.

Upon receiving the packets the router will do what it always does: perform a bit-wise boolean AND operation between the destination IP (in binary) and the subnet mask of each route in the routing table, and if the number of left-most bits of the destination IP (defined by the subnet mask of the route) match those of the network from the route in the routing table, then it will have a route match and will forward the packet through the interface associated to that route (the Ethernet interface of the router, in our case).

Of course the routing process is a little more complex, I’ve just mentioned the part that interests us. For more info you could check these:

http://academy.delmar.edu/Courses/download/CiscoIOS/CiscoRoutingTable2_Lookup.pdf

http://academy.delmar.edu/Courses/download/CiscoIOS/CiscoRoutingTable1_Structure.pdf

Now this is the tricky part of our discussion. The router does forward the packet ONLY ON ONE INTERFACE (the one with the best route match) which in our case will be the Ethernet interface.

So, in our case, in order for the router to route the packet through its LAN interface, the packet will NEED to contain a destination IP from within the subnet of the LAN interface so that it matches the route to that interface (from the routing table).

Otherwise it gets dropped!

Once the packet has been routed to the LAN interface, the router will consult its ARP table for an entry with the MAC address of the destination IP. If it does have one it will encapsulate the packet right away in an Ethernet frame and send it out of the LAN NIC, otherwise it will perform an ARP broadcast to find out which MAC address owns that IP and as soon as it receives it, the same encapsulation process from above will be followed.

But if for the destination IP there ISN’T found a MAC address, even after broadcasting an ARP request, that will mean for the router that there is no machine with that IP, online at this time on the LAN. Therefore the packet will be dropped, as it cannot be sent out the interface without having a MAC destination address.

Thus, even if the packet makes it past the routing process (because it has an IP that matches the subnet of the LAN) it doesn’t make it out the Ethernet interface if there isn’t found an actual recipient for it.

The switch itself DOESN’T do broadcasting either (that’s the great advantage of switches against hubs; they separate connections between whichever two hosts connected to their ports and thus eliminate Ethernet collisions which often reduced to below 50% the performance of Ethernet networks in the past).

The switch will send the packet right away to its destination by consulting its MAC table and the destination MAC of the packet. If it has an entry in the MAC table containing that MAC address, it will use the physical port specified in the entry to send out the packet.

The ONLY instance when a switch performs a broadcast (of course, we’re leaving out discussions about broadcast traffic that is sent as such from the originator) will be when it doesn’t find in its MAC address table the MAC-port entry for the destination MAC address (e.g. due to timeout of the entry). In that case it will, indeed, broadcast that packet to all ports but as soon as it receives an answer through the port connected to the destination machine (obviously only that machine will reply), it will add an entry to its MAC table and then all the following packets toward that destination MAC will be UNICAST.

So, as you say, it IS possible to reach out toward a LAN PC in a standard router-switch setup (as it works in a laboratory) or in a huge LAN split in multiple sub-LANs and delimited/served by multiple routers (the case of a campus or of headquarters of a big corporation with 1500 - 2000 PCs, where it makes sense to split them in smaller LANs and perform routing between them), though, even then (unless you’re broadcasting yourself), you won’t be able to reach but one at a time.

In that case it doesn’t matter that PCs are using private IPs since all subnets connected to all of the routers’ interfaces will use private IPs and NAT isn’t needed.

There will be only one or a few gateway router(s) that connect to the Internet and that will perform NAT for the whole mega-LAN and only they will be concerned with that.

But in the case of a SOHO router, if you want to be able to use more than one computer on the LAN and have access to the Internet, you NEED to perform NAPT. Because if you don’t you won’t be able to use the Internet, since the border gateways of all ISPs don’t route private IPs.

That’s because those routers are CONFIGURED not to route them; a router doesn’t just by default refuse to route private IPs. (All the routers we use in the labs are enterprise Cisco routers, just as those used by an ISP and they route any type of IP just fine, by default.)

However, SOHO routers being intended for whom they are, most of them have NAPT enabled by default and for most of the models you can’t even disable NAT, at all! That’s because this is the only way to enable multiple computers to access the Internet simultaneously.

If standard NAT were used, then only a single computer could access the Internet and indeed you wouldn’t need to concern yourself with port numbers. It’s only by using port numbers that you can enable multiple private IPs to access the Internet through a single public one. That stands true both for outgoing connections and incoming ones. The only difference is that for the outgoing ones, the NAT process can see for itself which IP is initiating the connection and which port it uses so it adds them automatically in the NAT table.

But for incoming ones it has no way of knowing to which private IP of the LAN it should send the packet, because all it has is a public destination IP (the one of the WAN NIC) and a port number. If that port number isn’t manually linked/registered to one of the LAN IPs (or automatically through a protocol like UPnP) the NAT process WON’T change the destination IP into a broadcast one and thus flood the entire LAN.

Think of it, this could bring an entire LAN to its knees in seconds and it would have been a paradise for pirates. What DDOS, bot networks, zombie PCs and other elaborate attacks? All you would need to do would be to send traffic on all ports, there is bound to be one that isn’t registered for any LAN IP, and then voila! The flood begins!

So, to answer your question, NO, the NAT process doesn’t flood the LAN with the packets when it doesn’t know for which IP they are intended! It makes the sensible choice instead and it drops them. So, yes, NAPT by itself is a certain layer of protection against unsolicited incoming traffic.

But hackers have found ways to bypass NAPT by using IP spoofing and other techniques, hence firewalls quickly became a de-facto presence on each router since it’s always been their job to prevent intrusion into the network and hence they’re infinitely more versatile. The protection offered by NAPT is more of a side-effect and therefore it doesn’t have the means and flexibility to address the whole range of different types of attacks, as it was never intended for that purpose.

That’s why firewalls were still needed alongside NAPT.

As far as the collocation “port-forwarding” goes I can’t say that I’m 100% sure what the person who came up with it meant, but it seemed rather obvious so I didn’t put that much thinking into it: forwarding incoming packets (traffic) towards a specific private IP address (from the whole bunch of possible IPs of the LAN) by using the port number of the destination public IP of the incoming packet, to choose the destination private IP in the LAN.

Basically it describes what the NAPT algorithm has to do:

look at the destination port number of the incoming packet as soon as it arrives;

then look up that port number in the NAT table and if you find an entry for it, forward that packet to the IP:port in the LAN, specified in that entry (**after** you replaced the IP and port values in the respective headers of the packet of course).

Since NAPT takes the place of routing, while it’s enabled, there is no way around it. You HAVE to deal with it or disable it (if your equipment allows it) but then in case of a home equipment you won’t be able to access the Internet in standard configuration.

Router firewalls don’t route/send/forward traffic towards any IP. They can permit or forbid certain types of traffic to reach the whole LAN or certain IPs (depending on the rule) but that’s the extent they go.

If they permit the traffic, this doesn’t mean that they actually take care that it reaches the destination or that it knows how to get there.

It’s somebody else’s job (either the routing process or the NAT process) to route or “push” (forward) the traffic to the destination.

If either of the two (firewall or NAT) stands in the way (by not being properly configured) the port won’t be open. Therefore on the vast majority of SOHO routers getting an open listening port will actually involve making an “allow” rule in the firewall **and** a “forwarding” rule in the NAPT process so that it knows where incoming traffic needs to go.

Except many of them (for the sake of comfort) will perform both operations on a single page in a single smooth process, giving many users the impression that this is just a one step operation.

In reality, the device is smart enough so that once you configured a forwarding rule in the NAPT interface, it will automatically open that port in the firewall to save the user more headache.
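The inbound path described in the post above (firewall rule, NAPT lookup by destination port, route match by ANDing with the subnet mask, ARP resolution), as an added example that is not part of the original thread. It is a simplified model: the `SohoRouter` class, its method names, the WAN address, the MAC address and port 6881 are constructed for illustration.

```python
import ipaddress

# All addresses, ports and table entries are constructed sample values.
WAN_IP = ipaddress.ip_address("203.0.113.10")       # router's single public IP
ROUTES = [(ipaddress.ip_network("192.168.1.0/24"), "LAN")]   # connected route
ARP = {ipaddress.ip_address("192.168.1.102"): "00:11:22:33:44:55"}


def route_lookup(dst):
    """AND dst with each route's mask; the longest matching prefix wins."""
    best = None
    for net, iface in ROUTES:
        if int(dst) & int(net.netmask) == int(net.network_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


class SohoRouter:
    """Hypothetical, simplified model of unsolicited inbound handling."""

    def __init__(self):
        self.fw_allow = set()   # (proto, port) pairs opened in the firewall
        self.napt = {}          # (proto, public port) -> (LAN IP, LAN port)

    def open_port(self, proto, port):
        self.fw_allow.add((proto, port))

    def forward_port(self, proto, port, lan_ip, lan_port=None):
        self.napt[(proto, port)] = (ipaddress.ip_address(lan_ip), lan_port or port)

    def inbound(self, proto, dst_ip, dst_port):
        """Return the verdict for a packet arriving on the WAN interface."""
        if ipaddress.ip_address(dst_ip) != WAN_IP:
            return "drop: not for the WAN address"
        if (proto, dst_port) not in self.fw_allow:
            return "drop: firewall"
        entry = self.napt.get((proto, dst_port))
        if entry is None:               # open port, but nobody to hand it to
            return "drop: no NAPT entry"
        lan_ip, lan_port = entry        # destination IP:port get rewritten
        if route_lookup(lan_ip) != "LAN":
            return "drop: no route"
        if lan_ip not in ARP:           # no host answered the ARP request
            return "drop: ARP unresolved"
        return f"deliver: {lan_ip}:{lan_port} via {ARP[lan_ip]}"


if __name__ == "__main__":
    r = SohoRouter()
    print(r.inbound("tcp", "203.0.113.10", 6881))   # firewall closed
    r.open_port("tcp", 6881)
    print(r.inbound("tcp", "203.0.113.10", 6881))   # open, but no forwarding
    r.forward_port("tcp", 6881, "192.168.1.102")
    print(r.inbound("tcp", "203.0.113.10", 6881))   # both rules in place
```

Real NAPT tables also track outbound connections and key on more than the destination port; the model keeps only the unsolicited-inbound case the thread is arguing about.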